Problem when trying to store NAS-Port-ID into radpostauth table
Antônio Modesto
modesto at hubsoft.com.br
Thu Sep 16 22:32:59 CEST 2021
On 16/09/2021 16:23, Alan DeKok wrote:
> On Sep 16, 2021, at 2:57 PM, Antônio Modesto <modesto at hubsoft.com.br> wrote:
>> The unescape didn't solve the problem. I had to add ";" and "=" to the safe_characters variable to solve it for now.
> People can now do SQL injection attacks, and break into your SQL server.
>
> Please don't do that.
>
> Alan DeKok.
From our application I don't think that it is possible. Only if the
attacker pretended to be a known NAS server. Do you have any other
suggestion?
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list